Endpoints
| Method | Path | Description |
|---|---|---|
| POST | /sign | Return RSA-SHA256 signature for provided data + key |
| POST | /verify | Check signature validity for provided data + public key |
| GET | /health | Liveness check |
POST /sign
Request
{
"data": "string to sign",
"privateKeyBase64": "MIIEv..." // OR
// "privateKeyPem": "-----BEGIN PRIVATE KEY-----..."
}Provide either privateKeyBase64 (PKCS#8 DER base64) or privateKeyPem. Do not send production keys to test instances.
Response
{
"signature": "base64...",
"algorithm": "RSA-SHA256",
"inputHashSha256": "hex...",
"keySource": "privateKeyBase64",
"length": 11
}cURL
curl -X POST http://localhost:3000/sign \
-H 'Content-Type: application/json' \
-d '{"data":"hello","privateKeyBase64":"..."}'POST /verify
Request
{
"data": "original string",
"signature": "base64 signature",
"publicKeyPem": "-----BEGIN PUBLIC KEY-----..."
}Response
{
"valid": true,
"algorithm": "RSA-SHA256",
"inputHashSha256": "hex...",
"length": 15
}cURL
curl -X POST http://localhost:3000/verify \
-H 'Content-Type: application/json' \
-d '{"data":"hello","signature":"...","publicKeyPem":"..."}'Sign then Verify Workflow
# Sign and capture signature (requires jq)
SIG=$(curl -s -X POST http://localhost:3000/sign \
-H 'Content-Type: application/json' \
-d '{"data":"hello","privateKeyBase64":"..."}' | jq -r '.signature')
# Verify
curl -X POST http://localhost:3000/verify \
-H 'Content-Type: application/json' \
-d '{"data":"hello","signature":"'$SIG'","publicKeyPem":"..."}'
Notes
- PKCS#8 2048+ bit RSA keys recommended. Generate:
openssl genrsa -out private.pem 2048 && openssl rsa -in private.pem -pubout -out public.pem - Signature uses SHA256 + PKCS#1 v1.5 padding.
inputHashSha256is SHA256 of UTF‑8 bytes ofdata.- No state persisted; keys handled in-memory only.